UTM Features?
Yes, I believe that it is.
Deep Packet Inspection isn't a FortiGuard feature. It's a separate built-in feature you can enable to do "man-in-the-middle" on-the-fly decryption of outgoing or incoming traffic on a per-policy basis. With DPI, UTM features like AV, Web Filtering, Intrusion Protection, etc. can fully inspect the traffic and are thus more effective. Without DPI, encrypted traffic can only be partially inspected and encrypted payloads like ransomware can sneak through.
An example multi-layered approach to preventing ransomware on a single FortiGate would typically involve the following UTM features:
All of the above can be considered your first lines/layers of defense. Your desktop and server's hardened security configuration, and lastly your desktop and server antivirus software should be considered your last line of defense for ransomware.
So, all the FortiGuard Security bundles include AV and IPS, but the ATP bundle doesn't include IRDB/ISDB (IP Reputation), Web Filtering, DNS Filtering, Botnet DB, or Geo-IP, so I'd recommend the UTP bundle at a minimum as it includes everything above. The ENT or 360 bundles would be worth considering if you're a larger enterprise managing a number of FortiGate firewalls where you'd want to centralize your management, reporting and automation of threat remediation (beyond the scope of this discussion).
Russ
NSE7